If you have found a security issue in Symfony, please send the details to security [at] symfony.com and don't disclose it publicly until we can provide a fix for it.
Manage your notification preferences to receive an email as soon as a Symfony security release is published.

CVE-2021-41268: Remember me cookie persistence after password changes

CVE-2021-41267: Webcache Poisoning via X-Forwarded-Prefix and sub-request

CVE-2021-41270: Prevent CSV Injection via formulas

CVE-2021-32693: Authentication granted to all firewalls instead of just one

CVE-2021-21424: Prevent user enumeration in authentication mechanisms

CVE-2021-21424 prevents user enumeration in authentication mechanisms

CVE-2020-15094: Prevent RCE when calling untrusted remote with CachingHttpClient

CVE-2020-15094 fixes an issue to prevent RCE when calling an untrusted remote with CachingHttpClient

CVE-2020-5275: All "access_control" rules are required when a firewall uses the unanimous strategy

CVE-2020-5275 fixes an issue that prevented all rules set in "access_control" from being checked when a firewall is configured with the unanimous strategy

CVE-2020-5255: Prevent cache poisoning via a Response Content-Type header

CVE-2020-5255 fixes a cache poisoning issue via a Response Content-Type header

CVE-2020-5274: Fix Exception message escaping rendered by ErrorHandler

CVE-2020-5274 fixes Exception message escaping rendered by ErrorHandler.

CVE-2019-18888: Prevent argument injection in a MimeTypeGuesser

CVE-2019-18888 fixes an issue where provided file paths to the MimeTypeGuesser were not properly escaped before being executed.